A SERVICE OF

logo

SonicPoint > RF Management
587
SonicOS 5.8.1 Administrator Guide
Null Probe Response - When a wireless client sends out a probe request, the attacker
sends back a response with a Null SSID. This response causes many popular wireless
cards and devices to stop responding.
Broadcasting De-Authentication - This DoS variation sends a flood of spoofed de-
authentication frames to wireless clients, forcing them to constantly de-authenticate and
subsequently re-authenticate with an access point.
Valid Station with Invalid (B)SSID - In this attack, a rouge access point attempts to
broadcast a trusted station ID (ESSID). Although the BSSID is often invalid, the station can
still appear to clients as though it is a trusted access point. The goal of this attack is often
to gain authentication information from a trusted client.
Wellenreiter/NetStumbler Detection - Wellenreiter and NetStumbler are two popular
software applications used by attackers to retrieve information from surrounding wireless
networks.
Ad-Hoc Station Detection - Ad-Hoc stations are nodes which provide access to wireless
clients by acting as a bridge between the actual access point and the user. Wireless users
are often tricked into connecting to an Ad-Hoc station instead of the actual access point, as
they may have the same SSID. This allows the Ad-Hoc station to intercept any wireless
traffic that connected clients send to or receive from the access point.
Unassociated Station - Because a wireless station attempts to authenticate prior to
associating with an access point, the unassociated station can create a DoS by sending a
flood of authentication requests to the access point while still unassociated.
EAPOL Packet Flood - Extensible Authentication Protocol over LAN (EAPOL) packets are
used in WPA and WPA2 authentication mechanisms. Since these packets, like other
authentication request packets, are received openly by wireless access points, a flood of
these packets can result in DoS to your wireless network.
Weak WEP IV - WEP security mechanism uses your WEP key along with a randomly
chosen 24-bit number known as an Initialization Vector (IV) to encrypt data. Network
attackers often target this type of encryption because some of the random IV numbers are
weaker than others, making it easier to decrypt your WEP key.
Practical RF Management Field Applications
This section provides an overview of practical uses for collected RF Management data in
detecting Wi-Fi threat sources. Practical RF Management Field Applications are provided as
general common-sense suggestions for using RF Management data.
This section contains the following subsections:
“Before Reading this Section” section on page 588
“Using Sensor ID to Determine RF Threat Location” section on page 588
“Using RSSI to Determine RF Threat Proximity” section on page 589